All Versions: 128
Latest Version
Avg Release Cycle: 54 days
Latest Release: 70 days ago

Changelog History

  • v5.1.1 Changes

    July 19, 2021
    • โ™ป๏ธ Unrefactor IgnoreConfig's use of Brakeman::FilePath
  • v5.1.0 Changes

    July 19, 2021
    • 🎉 Initial support for ActiveRecord enums
    • 👌 Support Hash#include?
    • Interprocedural dataflow from very simple class methods
    • 🛠 Fix SARIF report when checks have no description (Eli Block)
    • ➕ Add ignored warnings to SARIF report (Eli Block)
    • ➕ Add --sql-safe-methods option (Esty Scheiner)
    • ⚡️ Update SQL injection check for Rails 6.0/6.1
    • 🛠 Fix false positive in command injection with Open3.capture (Richard Fitzgerald)
    • 🛠 Fix infinite loop on mixin self-includes (Andrew Szczepanski)
    • Ignore dates in SQL
    • ♻️ Refactor cookie?/param? methods (Keenan Brock)
    • Ignore renderables in dynamic render path check (Brad Parker)
    • 👌 Support Array#push
    • 👍 Better Array#join support
    • Adjust copy of --interactive menu (Elia Schito)
    • 👌 Support Array#*
    • 👍 Better method definition tracking and lookup
    • 👌 Support Hash#values and Hash#values_at
    • Check for user-controlled evaluation even if it's a call target
    • 👌 Support Array#fetch and Hash#fetch
    • Ignore sanitize_sql_like in SQL
    • Ignore method calls on numbers in SQL
    • ➕ Add GitHub Actions format (Klaus Badelt)
    • 📜 Read and parse files in parallel
  • v5.0.4 Changes

    June 08, 2021

    🚀 (brakeman gem release only)

    • ⚡️ Update bundled ruby_parser to include argument forwarding support
  • v5.0.2 Changes

    June 07, 2021
    • 🛠 Fix Loofah version check
  • v5.0.1 Changes

    April 27, 2021
    • 🔧 Detect ::Rails.application.configure too
    • Set more line numbers on Sexps
    • 👌 Support loading slim/smart
    • Don't fail if $HOME/$USER are not defined
    • Always ignore slice/only calls for mass assignment
    • Convert splat array arguments to arguments
  • v5.0.0 Changes

    January 26, 2021
    • Ignore uuid as a safe attribute
    • Collapse __send__ calls
    • Ignore Tempfile#path in shell commands
    • Ignore development environment
    • ⚠ Revamp CSV report to a CSV list of warnings
    • 🔧 Set Rails configuration defaults based on load_defaults version
    • ➕ Add check for (more) unsafe method reflection
    • 🚅 Suggest using --force if no Rails application is detected
    • ➕ Add Sonarqube report format (Adam England)
    • ➕ Add check for potential HTTP verb confusion
    • ➕ Add --[no-]skip-vendor option
    • 💎 Scan (almost) all Ruby files in project
  • v5.0.0.pre1 Changes

    November 17, 2020
    • ➕ Add check for (more) unsafe method reflection
    • 🚅 Suggest using --force if no Rails application is detected
    • ➕ Add Sonarqube report format (Adam England)
    • ➕ Add check for potential HTTP verb confusion
    • ➕ Add --[no-]skip-vendor option
    • 💎 Scan (almost) all Ruby files in project
    • ➕ Add support for Haml 5.2.0
  • v4.10.1 Changes

    December 24, 2020
    • 💎 Declare REXML as a dependency (Ruby 3.0 compatibility)
    • 💎 Use Sexp#sexp_body instead of Sexp#[..] (Ruby 3.0 compatibility)
    • Prevent render loops when template names are absolute paths
    • 📜 Ensure RubyParser is passed file path as a String
    • 👌 Support new Haml 5.2.0 escaping method
  • v4.10.0 Changes

    September 28, 2020
  • v4.9.1 Changes

    September 04, 2020
    • 🚅 Use version from active_record for non-Rails apps (Ulysse Buonomo)
    • Check chomped strings for SQL injection (#1509)
    • Always set line number for joined arrays (#1499)
    • Avoid warning about missing attr_accessible if protected_attributes gem is used (#1512)
    • ✅ Bundle latest ruby_parser (4.15.0)